ABSTRACT

Most reliability analysis techniques and tools assume that a system is used for a mission consisting of a 
single phase. However, multiple phases are natural in many missions. The failure rates of components, system 
configuration, and success criteria may vary from phase to phase. In addition, the duration of a phase may be 
deterministic or random. Recently, several researchers have addressed the problem of reliability analysis of 
such systems using a variety of methods. We describe a new technique for phased-mission system reliability 
analysis based on Boolean algebraic methods. Our technique is computationally efficient and is applicable 
to a large class of systems for which the failure criterion in each phase can be expressed as a fault tree (or 
an equivalent representation). Our technique avoids the state space explosion that commonly plagues Markov
chain-based analysis. We develop a phase algebra to account for the effects of variable configurations and 
success criteria from phase to phase. Our technique yields exact (as opposed to approximate) results. We 
demonstrate the use of our technique by means of an example and present numerical results to show the effects
of mission phases on the system reliability. 


1 This research was supported by the National Aeronautics and Space Administration under NASA Contract No. NAS1-19480
while the authors were in residence at the Institute for Computer Applications in Science and Engineering (ICASE),
NASA Langley Research Center, Hampton, VA 23681.

1 Introduction


The reliability analysis of ultra-reliable computer systems is an important problem for which various
techniques and tools have been developed [1]-[4]. Most analysis techniques assume that the systems operate in
single-phase missions. However, multiple phases are natural in many applications. The system configuration, 
operational requirements for individual components, the success criteria, and the stress on the components 
(and thus the failure rates) may vary from phase to phase. For example, fault tolerant systems may consist of 
multiple subsystems employing redundancy and may have dedicated or pooled spares. A dedicated spare can 
replace only a single preassigned function. A pooled spare, on the other hand, has the capability of replacing 
any of the several functions in the system. Depending on the requirements during different phases, spares 
may be placed in service or removed from service to balance the system reliability and the cost of operation. 
The success of a redundancy management scheme defines if a system is operational or not. The usage of 
subsystems may also vary from phase to phase and subsystems supporting those services may remain idle 
or may be switched off. Furthermore, the duration of any phase may be deterministic or random. All these 
variations affect the system reliability. 

Sometimes the effects of phased missions can be ignored in favor of simpler analysis. For example, in an 
airplane system, landing gear and its associated control subsystems are not required during cruising phase. 
So exact analysis should not ignore such failures. But, continuing to count the failure of landing gear during 
cruising phase has very little impact on the overall unreliability and may simplify the computation. However, 
most of the time only conservative estimates can be made, thus yielding the worst case unreliability of the 
system. One adverse effect of this is that the systems are over-designed. For economic reasons, it may be 
desirable to perform more accurate analysis. In particular, if one phase may see much more stress than others 
then it is necessary to account for these effects properly. It is not accurate to use conservative parameters for 
the entire mission. On the other hand, the impact of a phase with the severest parameter values must not be
ignored in analysis. Different aspects of phased-mission systems have been discussed by several researchers. 


Figure 1: The three units in a system (components A, B, and C)


To describe and compare the work of others and our own, we will use a three component system as
an example. Components A, B, and C are used in a system which is employed in a mission with 3 phases.
The phases are denoted as Phase X, Phase Y, and Phase Z, respectively. To show the effect of phased-mission
analysis we will consider all six permutations of these three phases. That is, we will assume that the mission
may go through the three phases in any order. So one particular order may be Phases X, Y, and Z or another
could be Phases Z, Y, and X. The success criteria for each of the three phases are expressed using fault trees
as shown in Figure 2. In Phase X, the system fails if any of the components A, B, or C fails. In Phase Y,
the system fails if component A fails or both of the components B and C fail. In Phase Z, the system fails
if all three components fail. The failure rates of the three components are $\lambda_a$, $\lambda_b$, and
$\lambda_c$, respectively.

Figure 2: The success criteria for phases expressed using fault trees (panels: Phase X, Phase Y, Phase Z)

The corresponding Markov chains for all phases are shown in Figure 3. In the Markov chain representation,
a 3-tuple represents a state indicating the status of the three components respectively. A "1" represents
that the corresponding component is alive and a "0" represents that the component has failed. For example,
a state (101) implies that component B has failed and the other two components are alive. A transition from
one state to another state has a rate associated with it which is the failure rate of the component that fails.
For example, a transition from state (011) to state (010) has a transition rate of $\lambda_c$. States marked F are
failed states.


2 Related Work 

Esary and Ziehms [5] discuss analysis of multiple configuration systems during different phases of a mission to
accomplish specified goals. In their approach, each phase of a system is modeled using a separate reliability
block diagram (RBD). For phase p, a component C is represented by a series of blocks $c_1, c_2, \ldots, c_p$ where
$c_i$ represents the probability of failure (or success) associated with component C in phase $i$ and depends
on the failure rate of that component during that phase. All phase RBDs are connected in series as shown
in Figure 4 for a three phase system using three components. Solution of this RBD correctly predicts the
reliability of the three phase system. The problem with this approach is a large RBD with several common
events, the solution of which may be computationally very expensive. Each component generates p basic
events for a p-phased system. A k component system will thus have k * p basic events and obtaining cut
sets after accounting for common events will be expensive. Approximate solution to RBD may include large
errors due to multiple common events.

Figure 3: The Markov chains for three phases (panels: Markov Chain for Phase X, Markov Chain for Phase Y)

Figure 4: Reliability block diagram for a three phases system with variable configuration (panels: Phase X, Phase Y, Phase Z)

Figure 5: The multi-phase Markov chain

Pedar and Sarma [6] carry out phased-mission analysis of an aerospace computing system using an
approach similar to Esary and Ziehms. They developed a procedure to systematically cancel out the common
events in earlier phases which are accounted for in later phases. Alam and Al-Saggaf [7] developed a technique
to analyze repairable systems in which system success criteria and failure rates of components may vary from
phase to phase.

Smotherman and Zemoudeh [9] use a non-homogeneous Markov model to carry out a phased-mission
system analysis. They represent the behavior of the system in each phase using a different Markov chain
and each phase is represented by a separate subset of the states. The state transitions, which are described
in terms of random variables, are generalized to include phase changes. Therefore, state dependent phase
changes, random phase durations, time varying failure and repair behavior are readily modeled. A complete
Markov chain of a three phase system of Figure 2 with phase order of X, Y, and Z is shown in Figure 5. The
major drawback of this approach, like Esary and Ziehms' approach using RBDs, is a huge non-homogeneous
Markov chain. The size of the state space is as big as the sum of the number of states in each of the individual
phases. This requires a large amount of storage and computation time to solve a system, limiting the kind of
systems that can be analyzed.

Somani et al. [10] presented a computationally efficient method to analyze multi-phased systems and a
new software tool for reliability analyses of such systems. A system with variable configuration and success
criteria results in different Markov chains for different phases as shown in Figure 5. In Somani et al.'s
approach, instead of a single Markov chain, Markov chains for individual phases are developed and solved
separately. The issue of varying success criteria and change in system configuration from phase to phase
is addressed by providing an efficient mapping procedure at the transition time from a phase to another
phase. While analyzing a phase, only the states relevant to that phase are considered. Thus each individual
Markov chain is much smaller than in Smotherman and Zemoudeh [9]. For example, in Figure 5, three Markov
chains with number of states 2, 4, and 8, respectively, are solved instead of a single Markov chain with 12
states. Using this approach, the computation time for large systems can be reduced significantly without
compromising accuracy. Phases may be of a fixed or a random duration. The reliability (or unreliability)
of the system can be computed from the output of the final phase. Furthermore, the technique is sufficiently
general.

Figure 6: Two scenarios for phased-mission systems with variable configuration
(a) Markov Chain for Phases X, Y, and Z (b) Markov Chain for Phases Z, Y, and X

Using a similar approach, Dugan [8] suggested another method in which a single Markov chain with state
space equal to the union of the state spaces of the individual phases is generated. The transition rates are
parameterized with phase numbers and the Markov chain is solved p times for p phases. The final state
occupation probabilities of one phase become the initial state occupation probabilities for the next phase.
In her approach, once a state is declared a system down state in a phase, it cannot become an up state in
a later phase. This is a potential problem as it is possible for a system to have some states that are failure
states in a phase but are up states in a later phase. For example, consider the two scenarios as shown in
Figure 6. In the first case (Figure 6a), phase order is Phase X, Phase Y, and Phase Z. In this case, some of
the states are failure states in the first phase that are later on treated as forced failure states although they
are not failure states in phases 2 and 3. Such states are marked as F(1,2',3') or F(1,2,3'). In the second case,
phase order is Phase Z, Phase Y, and Phase X. In this case, there are no forced failure states.

In this paper, we present a methodology to analyze and solve phased-mission systems in which failure 
rates, configuration and success criteria can vary from phase to phase. Moreover, the success criteria can 
be specified using fault trees or an equivalent representation. We believe that a majority of systems can be 
represented using fault trees. Our approach is similar to Esary and Ziehms’ in that we do not generate any 
Markov chains, but in addition we do not create a single, monolithic model. We handle one phase at a time 
and then compute the overall unreliability of the entire mission. This gives us a computational advantage.
First we describe some concepts which we will use throughout the paper.


3 Distribution Functions with Mass at Origin 

One of the key concepts we will use in our method is that of cumulative distribution functions with a mass 
at the origin. Consider a random variable X with cumulative distribution function given by 

$$F_X(t) = (1 - e^{-\lambda T_1}) + e^{-\lambda T_1}(1 - e^{-\lambda t}).$$

This function has a mass at the origin given by $P(X = 0) = (1 - e^{-\lambda T_1})$. The second term represents the
continuous part of the distribution function.

In order to illustrate the use of such a CDF, consider a component with a failure rate of $\lambda$ that is used
in a phased mission system. Assume that the system has just completed one phase of duration $T_1$ and is
currently in the second phase. The above CDF can be assigned as the failure probability distribution of 
the component in the second phase. The first term in the above expression represents the probability that 
the component has already failed in the previous phase. The second term represents the failure probability 
distribution for this component for the second phase. The time origin for the second phase is reinitialized 
to the beginning of the phase. We will use such distribution functions to represent failure probabilities of 
individual components during different phases. 


4 Phased-Mission Analysis: Phase Independent Success Criteria

In this section we consider a simpler scenario, a phased-mission system in which the success criterion is phase
independent. Therefore, the system configuration and the success criteria remain unchanged from phase to
phase and can be represented by the same fault tree for all phases. However, component failure rates are 
allowed to be phase dependent. We first assume that phase durations are deterministic. We will relax these 
constraints one at a time in the following subsections. 

4.1 Phase-Dependent Failure Rates 

To account for phase-dependent failure rates, we assign a failure distribution with mass at the origin to each
component. Let $\lambda_{ji}$ represent the failure rate of component j in phase i. For component j, the distribution
function assigned in phase k is given by

$$F_{C_{jk}}(t) = \left(1 - e^{-\sum_{i=1}^{k-1} \lambda_{ji} T_i}\right) + e^{-\sum_{i=1}^{k-1} \lambda_{ji} T_i}\left(1 - e^{-\lambda_{jk} t}\right). \qquad (1)$$

Here time t is measured from the beginning of phase k so that $0 \le t \le T_k$. $T_i$ represents the duration for
phase i. This expression can be simplified to $F_{C_{jk}}(t) = 1 - e^{-\lambda_{jk} t}\,[e^{-\sum_{i=1}^{k-1} \lambda_{ji} T_i}]$. At the end of phase k,
at $t = T_k$, the above expression gives the mass at the origin for phase k + 1. A component fails during a
phase only if it survives during all the previous phases. The factor enclosed in square brackets above is the
probability of success during the first k - 1 phases. Since the success criteria are the same in all phases, a system fails
by phase k if it fails any time during the first k phases. We can obtain the unreliability of the system at
time $0 \le t \le T_k$ during phase $1 \le k \le m$ by evaluating the fault tree using the failure distribution function
for each component as given by $F_{C_{jk}}(t)$. Of course, if our only interest is in the failure probability for the
entire mission, we evaluate the fault tree assigning a constant failure probability


to component j.


4.2 Age-Dependent Failure Rates 

If the failure rates of components are phase and age dependent then we cannot count time for each phase
independently. Instead, to compute the failure probability distribution, we have to account for the global
(mission) time and its effect on each component. This can be achieved by assigning the failure distribution
function for component j in phase k as follows.

$$F_{C_{jk}}(t) = \left(1 - e^{-\sum_{i=1}^{k-1}\int_{CT_{i-1}}^{CT_i} \lambda_{ji}(\tau)\,d\tau}\right) + e^{-\sum_{i=1}^{k-1}\int_{CT_{i-1}}^{CT_i} \lambda_{ji}(\tau)\,d\tau}\left(1 - e^{-\int_{CT_{k-1}}^{t} \lambda_{jk}(\tau)\,d\tau}\right)$$

Here,

$$CT_i = \sum_{l=1}^{i} T_l$$

is the sum of durations for i phases and $CT_0 = 0$. The time t is the cumulative time and is not reset to zero
for the next phase. Instead it starts at t = 0 at the beginning of a mission and continues to increase. With
this modification, the fault tree can be evaluated for any time $0 \le t \le CT_m$. The probability of failure of
component $C_j$ at the end of the mission is given by

$$1 - e^{-\sum_{i=1}^{m}\int_{CT_{i-1}}^{CT_i} \lambda_{ji}(\tau)\,d\tau}.$$

Using this constant failure probability for component $C_j$ (for all j), the fault tree can be evaluated to
obtain the mission failure probability.

4.3 Random Phase Durations 

To account for random phase durations, we use conditioning followed by the theorem of total probability.
Let $F_{T_i}(t_i)$ be the distribution function for the length of phase i. These distributions are specified by the
user. Conditioning on the durations of phases $T_1 = t_1, T_2 = t_2, \ldots, T_m = t_m$, the mission failure probability
for component j is given by

$$1 - e^{-\sum_{i=1}^{m} \lambda_{ji} t_i}.$$

Then the unconditional failure probability for component j is given by

$$\int \cdots \int \left[1 - e^{-\sum_{i=1}^{m} \lambda_{ji} t_i}\right] dF_{T_1}(t_1) \cdots dF_{T_m}(t_m) = 1 - $$

where $F^{\sim}_{T_i}(s)$ is the LST (Laplace-Stieltjes transform) of $T_i$ so that $F^{\sim}_{T_i}(s) = \int_0^\infty e^{-s t_i}\, dF_{T_i}(t_i)$.

This failure probability can be assigned to component $C_j$ (for all j) and the fault tree can be evaluated
to compute the unreliability of the system for the whole mission consisting of m phases.


5 Phased-Mission Analysis: Phase-Dependent Success Criteria

The results of the previous section apply to the cases when the success criteria do not change from phase
to phase. However, in many applications, the success criteria and the system configuration may change from 
phase to phase. There are several reasons for reconfiguration and change in success criteria from phase to 
phase. Some of these are discussed below. 

1. A component is used in all phases but its operational level requirements may change. In this case, no
special treatment is required for this component. The definition of operational or failed state depends
on the success criteria.

2. A component is used in n consecutive phases starting with some phase k, and is then not needed for
system operation in the remaining phases.

3. A component is required to remain operational for some phase, is not needed for the operation of a few
phases and is then required again for system operation.

4. Additional redundant modules are added during the operation of the system. 

5. Some redundant modules are removed from a subsystem. 

6. Spare or operational redundant modules corresponding to one subsystem become spare or redundant 
modules for another subsystem. 

Due to a change in success criterion, it is possible that some combination of failures of components in
one phase leads to failure of the system whereas the same combination does not lead to failure in some other
phase. In Markov chain-based methods, it is easier to keep track of the system states, and therefore, change
in system success criteria could be easily accounted for. However, in the case of a fault tree, this change
needs to be accounted for by considering cases when the system may fail or may not fail at the time of phase
transition. There are four possible cases which may occur at the time of a phase transition from phase i to
phase i + 1.

1. A combination of component failures does not lead to system failure in both phases i and i + 1.

2. A combination of component failures leads to system failure in both phases i and i + 1.

3. A combination of component failures does not imply system failure in phase i but is treated as system
failure in phase i + 1.

4. A combination of component failures implies system failure in phase i but does not imply system failure
in phase i + 1.

The first two cases require treatment similar to that in the previous section as the success criteria do
not change from phase i to phase i + 1 with respect to the failure combination under consideration. Failure
combinations in the third case above should be treated as failures in the earlier phase i as well. This is
because such combinations, once present during a phase, are bound to lead to the system failure eventually
at the transition time when the system enters this later phase. These are referred to as latent failures in
[11]. Hence a more stringent criterion should be applied with respect to these combinations. So we can 
assume that all failure combinations in phase i + 1 are also failure combinations in phase i (but not vice 
versa). Hence for the first three cases, the unreliability can be evaluated by evaluating the fault tree for the 
last phase using the approach of Section 4. 

The failure combinations which imply system failure in phase i, but do not lead to system failure in 
subsequent phases, as in the fourth case, should be handled more carefully. We need to account for the
probability of occurrence of these failure combinations until phase i. Any probability attributed to such 
combinations of component failures in later phases does not contribute towards system unreliability. Esary 
and Ziehms account for this by cascading the phase reliability blocks. However, as mentioned earlier, that 
leads to a more expensive computation. We present our method of handling such failure combinations below. 

Our methodology consists of the following steps. We divide the system unreliability of a phased mission 
system into two parts: (i) common failure combinations; and (ii) phase failure combinations. We evaluate 
the unreliability due to these two components using the following procedure. 

5.1 Common Failure Combinations 

The first component, common failure combinations, includes the probability of those component failure
combinations which are common to all phases after the most stringent criterion has been applied to all phases.
That is, if a combination leads to system failure in phase i + 1, then it is considered a failure combination in
phase i as well. Thus the common failure combinations essentially include the failure combinations specified
for the last phase.

The unreliability due to common failure combinations can be computed using the method described in 
the previous section for analyzing phased-mission system with phase-independent success criteria. That is, 
we compute the failure probability distribution for each individual component and then evaluate the common
fault tree which is the fault tree for the last phase. 

5.2 Phase Failure Combinations 

The second component, phase failure combinations, includes the probability of all failures specific to individual
phases after applying the most stringent success criterion in each phase. For phase i, this part includes the
probability of only those component failure combinations which contribute to system failure in phase i but
are considered operational in all subsequent phases.

Unreliability due to the second component requires additional computations. For each phase, we need to
identify and compute the probability of component failure combinations which lead to system failure in that
phase and do not imply system failure in any subsequent phase. Let $E_i$ be the Boolean logic expression
specifying the failure combinations for phase i. Then phase failure combinations for phase i ($PFC_i$), which
are treated as success combinations for all subsequent phases, are given by

$$PFC_i = (\cdots((E_i \wedge \overline{E_{i+1}}) \wedge \overline{E_{i+2}}) \cdots \wedge \overline{E_p}).$$

In the above expression, we include only those combinations which are failure combinations in phase i but
are not failure combinations in any of the subsequent phases. This expression can be simplified as

$$PFC_i = E_i \wedge \overline{(E_{i+1} \vee \cdots \vee E_p)}.$$


5.3 Phase Algebra 

Let $\overline{A} = 1$ mean that component A has failed. Then $A = 0$ says that component A has failed and $A = 1$
means that component A is operational. Using this notation, for the system described in Figure 2 the
following Boolean expressions describe the failure combinations for phases X, Y, and Z.

$$E_X = \overline{A} + \overline{B} + \overline{C}$$

$$E_Y = \overline{A} + \overline{B}\,\overline{C}$$

$$E_Z = \overline{A}\,\overline{B}\,\overline{C}$$

It should be noted that in the expression for $PFC_i$, event $\overline{A}$ denotes the failure of component A in phase
i only. Thus for each phase, we need to define a separate symbol for each component. This is very similar
to Esary and Ziehms' notation where they have a separate symbol denoting failure of a component in each
phase. Let $A_i = 1$ denote the event that component A is operational during the interval from the start of
the mission until the end of phase i. This automatically implies that the component is operational during
all earlier phases as well. With this addition, the Boolean expressions for phases X, Y, and Z used in system
phase i are denoted by $E_{iX}$, $E_{iY}$, and $E_{iZ}$, respectively, and are given by the following.

$$E_{iX} = \overline{A_i} + \overline{B_i} + \overline{C_i}$$

$$E_{iY} = \overline{A_i} + \overline{B_i}\,\overline{C_i}$$

$$E_{iZ} = \overline{A_i}\,\overline{B_i}\,\overline{C_i}$$

When the expression for $PFC_i$ is simplified, we need to merge different combinations of such terms which
could be a little tricky and need special treatment. Let i and j be two phases and let i < j. The following
rules should be used to simplify the logic expressions.

$$\begin{aligned}
A_i A_j &\to A_j & \qquad \overline{A_i} + \overline{A_j} &\to \overline{A_j} \\
\overline{A_i}\,\overline{A_j} &\to \overline{A_i} & \qquad A_i + A_j &\to A_i \qquad\qquad (2) \\
\overline{A_i}\,A_j &\to 0 & \qquad A_i + \overline{A_j} &\to 1
\end{aligned}$$

$A_i \overline{A_j}$ and $\overline{A_i} + A_j$ do not simplify any further. What the first combination means is that component A is
operational until the end of phase i and then fails sometime between the end of phase i and end of phase j.
The second term has no physical meaning. Also, if a component fails during a phase and then it is required
to be operational during a later phase, then the two events cannot be satisfied at the same time. That is
why $\overline{A_i} A_j \to 0$ holds.

The correctness of these relations can be verified by considering the following. Let $a_i = 1$ denote that
the component A is operational during phase i only. Then $A_i = a_1 a_2 \cdots a_i$ and $A_j = a_1 a_2 \cdots a_j$. Now by
substituting these values on both sides of each of these relations, we can verify that Relations 2 hold.


5.4 System Unreliability 

Using the phase algebra, the system unreliability can be computed as follows. First compute all the $PFC_i$s
for all phases. Then the system unreliability is given by

$$UR = P(E_p) + \sum_{i=1}^{p-1} P(PFC_i) \qquad (3)$$

where $P(E_p)$ is the probability of failure evaluated using the fault tree $E_p$ of phase p (the last phase) using
the failure distribution function calculated for each component as described in Section 3. $P(PFC_i)$ is the
probability of phase failure combinations for phase i. To calculate the $PFC_i$s, we will require the probability of
events such as a component remains operational during all phases starting from 1 to i, or a component
remains operational during phase 1 to phase k and then fails during phase k + 1 to phase i for some k. Such
probabilities can also be calculated using the techniques defined in Section 3.

5.5 Example

In this section, we demonstrate our technique using the example described in Figure 2. This system has
three components and we describe three phases, X, Y, and Z. To show the difference, we will consider all
the six permutations of three phases. The failure combinations of three phases are defined by $E_X$, $E_Y$, and
$E_Z$ above.

Now we discuss each of the six permutations separately. 

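Permutation X Y Z. In this case the first phase is phase X, followed by phase Y, that is followed by phase
Z. So the $PFC_i$ functions are obtained as follows.

$$\begin{aligned}
PFC_1 &= (E_{1X} \cdot \overline{E_{2Y}}) \cdot \overline{E_{3Z}} \\
&= ((\overline{A_1} + \overline{B_1} + \overline{C_1}) \cdot \overline{(\overline{A_2} + \overline{B_2}\,\overline{C_2})}) \cdot \overline{(\overline{A_3}\,\overline{B_3}\,\overline{C_3})} \\
&= A_3 B_2 \overline{C_1} + A_3 \overline{B_1} C_2 + A_2 B_3 \overline{C_1} + A_2 \overline{B_1} C_3 \\
PFC_2 &= E_{2Y} \cdot \overline{E_{3Z}} \\
&= (\overline{A_2} + \overline{B_2}\,\overline{C_2}) \cdot \overline{(\overline{A_3}\,\overline{B_3}\,\overline{C_3})} \\
&= A_3 \overline{B_2}\,\overline{C_2} + \overline{A_2} B_3 + \overline{A_2} C_3
\end{aligned} \qquad (4)$$

Then the system unreliability is given by

$$UR_{XYZ} = P(E_{3Z}) + P(PFC_1) + P(PFC_2)$$

where

$$P(E_{3Z}) = P(\overline{A_3}) \cdot P(\overline{B_3}) \cdot P(\overline{C_3})$$

$$\begin{aligned}
P(PFC_1) &= P(A_3 B_2 \overline{C_1} + A_3 \overline{B_1} C_2 + A_2 B_3 \overline{C_1} + A_2 \overline{B_1} C_3) \\
&= P(A_3 B_2 \overline{C_1}) + P((A_3 \overline{B_1} C_2 + A_2 B_3 \overline{C_1} + A_2 \overline{B_1} C_3) \cdot (\overline{A_3} + \overline{B_2} + C_1)) \\
&= P(A_3 B_2 \overline{C_1}) + P(A_3 \overline{B_1} C_2 + A_2 \overline{A_3} B_3 \overline{C_1} + A_2 \overline{B_1} C_3) \\
&= P(A_3 B_2 \overline{C_1}) + P(A_3 \overline{B_1} C_2) + P((A_2 \overline{A_3} B_3 \overline{C_1} + A_2 \overline{B_1} C_3) \cdot (\overline{A_3} + B_1 + \overline{C_2})) \\
&= P(A_3 B_2 \overline{C_1}) + P(A_3 \overline{B_1} C_2) + P(A_2 \overline{A_3} B_3 \overline{C_1} + A_2 \overline{A_3}\,\overline{B_1} C_3) \\
&= P(A_3 B_2 \overline{C_1}) + P(A_3 \overline{B_1} C_2) + P(A_2 \overline{A_3} B_3 \overline{C_1}) + P((A_2 \overline{A_3}\,\overline{B_1} C_3) \cdot (\overline{A_2} + A_3 + \overline{B_3} + C_1)) \\
&= P(A_3 B_2 \overline{C_1}) + P(A_3 \overline{B_1} C_2) + P(A_2 \overline{A_3} B_3 \overline{C_1}) + P(A_2 \overline{A_3}\,\overline{B_1} C_3)
\end{aligned}$$

and

$$\begin{aligned}
P(PFC_2) &= P(A_3 \overline{B_2}\,\overline{C_2} + \overline{A_2} B_3 + \overline{A_2} C_3) \\
&= P(A_3 \overline{B_2}\,\overline{C_2}) + P((\overline{A_2} B_3 + \overline{A_2} C_3) \cdot (\overline{A_3} + B_2 + C_2)) \\
&= P(A_3 \overline{B_2}\,\overline{C_2}) + P(\overline{A_2} B_3 + \overline{A_2} C_3) \\
&= P(A_3 \overline{B_2}\,\overline{C_2}) + P(\overline{A_2} B_3) + P((\overline{A_2} C_3) \cdot (A_2 + \overline{B_3})) \\
&= P(A_3 \overline{B_2}\,\overline{C_2}) + P(\overline{A_2} B_3) + P(\overline{A_2}\,\overline{B_3} C_3)
\end{aligned} \qquad (5)$$

It is easy to compute the probability of failure in phase 3 using the failure distributions for individual
components. A fault tree solver such as SHARPE [2] can be used to compute that. Similarly, the probability
of expressions in Equation 4 can be evaluated after simplifying the expressions as a sum of disjoint products
using an algorithm such as the one described in [12] and depicted in Equation 5.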

Permutation X Z Y. In this case the first phase is phase X, followed by phase Z, that is followed by phase
Y. Without going into details, the $PFC_i$ functions are computed as follows.

$$PFC_1 = A_3 B_3 \overline{C_1} + A_3 \overline{B_1} C_3$$

and

$$PFC_2 = \phi$$

The last phase in this case is phase Y. The system unreliability can be computed using

$$\begin{aligned}
UR_{XZY} &= P(E_{3Y}) + P(PFC_1) + P(PFC_2) \\
&= P(\overline{A_3}) + P(A_3 \overline{B_3}\,\overline{C_3}) + P(A_3 B_3 \overline{C_1}) + P(A_3 \overline{B_1} C_3).
\end{aligned}$$

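Permutation Y X Z. For this case, the $PFC_i$ functions are computed as follows.

$$PFC_1 = \phi$$

$$PFC_2 = A_3 (\overline{B_2} + \overline{C_2}) + B_3 (\overline{A_2} + \overline{C_2}) + C_3 (\overline{A_2} + \overline{B_2})$$

The last phase in this case is phase Z. The system unreliability can be computed using the following. (We
are omitting details of simplification.)

$$\begin{aligned}
UR_{YXZ} &= P(E_{3Z}) + P(PFC_1) + P(PFC_2) \\
&= P(\overline{A_3}) \cdot P(\overline{B_3}) \cdot P(\overline{C_3}) + P(A_3 \overline{B_2}) + P(A_3 B_2 \overline{C_2}) + P(\overline{A_2} B_3) \\
&\quad + P(\overline{A_2}\,\overline{B_3} C_3) + P(A_2 \overline{A_3} B_3 \overline{C_2}) + P(A_2 \overline{A_3}\,\overline{B_2} C_3)
\end{aligned}$$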

Permutation Y Z X. For this case, the $PFC_i$ functions are computed as follows.

$$PFC_1 = \phi$$

and

$$PFC_2 = \phi$$

The last phase in this case is phase X. The system unreliability can be computed using the following.

$$\begin{aligned}
UR_{YZX} &= P(E_{3X}) + P(PFC_1) + P(PFC_2) \\
&= P(\overline{A_3}) + P(\overline{B_3}) + P(\overline{C_3})
\end{aligned}$$

Permutation Z X Y. For this case, the $PFC_i$ functions are computed as follows.

$$PFC_1 = \phi$$

and

$$PFC_2 = A_3 B_3 \overline{C_2} + A_3 \overline{B_2} C_3$$

The last phase in this case is phase Y. The system unreliability can be computed using the following.

$$\begin{aligned}
UR_{ZXY} &= P(E_{3Y}) + P(PFC_1) + P(PFC_2) \\
&= P(\overline{A_3}) + P(A_3 \overline{B_3}\,\overline{C_3}) + P(A_3 B_3 \overline{C_2}) + P(A_3 \overline{B_2} C_3)
\end{aligned}$$

Permutation Z Y X. For this case, the $PFC_i$ functions are computed as follows.

$$PFC_1 = \phi$$

and

$$PFC_2 = \phi$$

The last phase in this case is phase X. The system unreliability can be computed using the following.

$$\begin{aligned}
UR_{ZYX} &= P(E_{3X}) + P(PFC_1) + P(PFC_2) \\
&= P(\overline{A_3}) + P(\overline{B_3}) + P(\overline{C_3})
\end{aligned}$$
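The decomposition of Equation 3 can be checked numerically for the example of Figure 2. The following Python sketch is an added example, not code from the paper: it enumerates the phase in which each component fails, evaluates $P(E_p)$ and each $P(PFC_i)$ for any phase order, and compares the X Y Z case with the sum of disjoint products of Equations 4 and 5. The failure rates, the phase durations and all function names are assumptions made for the illustration.

```python
import itertools
import math

# Failure criteria of Figure 2 as functions of "has failed" flags for A, B, C.
CRITERIA = {
    "X": lambda fa, fb, fc: fa or fb or fc,
    "Y": lambda fa, fb, fc: fa or (fb and fc),
    "Z": lambda fa, fb, fc: fa and fb and fc,
}
# Constructed sample data (assumed, not from the paper): failure rates per hour
# of (A, B, C) in each phase, and deterministic phase durations in hours.
RATES = {"X": (1e-3, 2e-3, 3e-3), "Y": (2e-3, 1e-3, 1e-3), "Z": (5e-4, 5e-4, 5e-4)}
DURATION = {"X": 10.0, "Y": 50.0, "Z": 100.0}
NEVER = 99  # sentinel: the component survives the whole mission


def survival(order, comp):
    """[P(A_0), ..., P(A_p)]: operational from mission start to the end of phase i."""
    acc, out = 0.0, [1.0]
    for phase in order:
        acc += RATES[phase][comp] * DURATION[phase]
        out.append(math.exp(-acc))
    return out


def outcomes(order):
    """Yield (phases in which A, B, C fail, probability) for every joint history."""
    p = len(order)
    surv = [survival(order, c) for c in range(3)]
    for trip in itertools.product(list(range(1, p + 1)) + [NEVER], repeat=3):
        prob = 1.0
        for c, k in enumerate(trip):
            prob *= surv[c][p] if k == NEVER else surv[c][k - 1] - surv[c][k]
        yield trip, prob


def fails_in(order, i, trip):
    """E_i evaluated on the components that have failed by the end of phase i."""
    return CRITERIA[order[i - 1]](*(k <= i for k in trip))


def unreliability_direct(order):
    """Reference value: the mission fails if any phase criterion is ever met."""
    p = len(order)
    return sum(pr for trip, pr in outcomes(order)
               if any(fails_in(order, i, trip) for i in range(1, p + 1)))


def phase_terms(order):
    """Return (P(E_p), [P(PFC_1), ..., P(PFC_{p-1})]) as used in Equation 3."""
    p = len(order)
    p_last, pfc = 0.0, [0.0] * (p - 1)
    for trip, pr in outcomes(order):
        if fails_in(order, p, trip):
            p_last += pr
        for i in range(1, p):
            later = any(fails_in(order, j, trip) for j in range(i + 1, p + 1))
            if fails_in(order, i, trip) and not later:
                pfc[i - 1] += pr
    return p_last, pfc


def unreliability_pfc(order):
    """Equation 3: UR = P(E_p) + sum of P(PFC_i)."""
    p_last, pfc = phase_terms(order)
    return p_last + sum(pfc)


def closed_form_xyz():
    """Sum-of-disjoint-products result of the X Y Z derivation (Equations 4 and 5)."""
    a, b, c = (survival("XYZ", k) for k in range(3))
    p_e3z = (1 - a[3]) * (1 - b[3]) * (1 - c[3])
    pfc1 = (a[3] * b[2] * (1 - c[1]) + a[3] * (1 - b[1]) * c[2]
            + (a[2] - a[3]) * b[3] * (1 - c[1])   # P(A_2 and not A_3) = P(A_2) - P(A_3)
            + (a[2] - a[3]) * (1 - b[1]) * c[3])
    pfc2 = (a[3] * (1 - b[2]) * (1 - c[2]) + (1 - a[2]) * b[3]
            + (1 - a[2]) * (1 - b[3]) * c[3])
    return p_e3z, pfc1, pfc2


if __name__ == "__main__":
    for perm in itertools.permutations("XYZ"):
        print("".join(perm), f"{unreliability_pfc(perm):.6f}",
              f"{unreliability_direct(perm):.6f}")
```
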

5.6 Exact Solution Using Markov Chain 

The same three component system can be analyzed using Markov chains for the six permutations. There
are eight possible states in each phase as depicted in Figure 3. Using the same notation for the names of
states, i.e., state 101 represents that components A and C are operational and component B has failed, we
can derive expressions for state occupancy probabilities (SOPs) at the end of each phase. Depending on
the success criteria, for the failure states in phase p, the initial state occupancy probability for the same
state in phase p + 1 is zero.

Let $P_{p(s)}$ denote the SOP for phase p of state s where $s \in \{000, 001, 010, 011, 100, 101, 110, 111\}$ and
p = 1, 2, and 3. Again, let $T_p$ denote the phase duration for phase p and let $CT_p$ denote the sum of
durations of the first p phases. Let $\lambda_{ap}$, $\lambda_{bp}$, and $\lambda_{cp}$ denote the failure rates of components A, B, and C,
respectively, in phase p. Using these notations, the SOPs for phase p can be derived using the SOPs for
phase p - 1 and are given in Equation 6.

Using the relationship in Equation 6, we can compute the SOPs for operational states for each phase.
The unreliability at the end of each phase is given by 1 - sum of SOPs of operational states in that phase.
At the end of that phase, the SOPs for the failure states in that phase can be set to zero, as this probability mass
is not carried forward to success states in the next phase. For example, for the case of permutation X Y Z,
initially $P_{0(s)} = 0.0$ for all states where $s \neq 111$ and $P_{0(111)} = 1.0$. Using these values and the success criteria
for phase X, at the end of phase X, we assign $P_{1(s)}(CT_1) = 0.0$ for all states where $s \neq 111$, and $P_{1(111)}(CT_1)$
is calculated using Equation 6. Using these values and the success criteria of phase Y, we can compute SOPs for
phase 2. At the beginning of phase 3, we assign $P_{2(s)}(CT_2) = 0.0$ where $s \in \{000, 001, 010, 011, 100\}$ and
compute $P_{2(s)}(CT_2) = 0.0$ where $s \in \{101, 110, 111\}$ using relations defined in Equation 6. Finally, using
these results of phase 2, we can calculate $P_{3(s)}(CT_3)$ where $s \in \{001, 010, 011, 100, 101, 110, 111\}$.

Sometimes a backward or need-based computation may be more useful. For example, for permutation
Z Y X, we only need to calculate $P_{3(111)}(CT_3)$, which requires only $P_{2(111)}(CT_2)$. This, in turn, requires
computation of $P_{1(111)}(CT_1)$, which can be calculated using $P_{0(111)}(CT_0) = 1.0$. Finally, the unreliability for
the 3-phase system is $1 - P_{3(111)}(CT_3)$. However, intermediate unreliabilities at the end of phases 1 and 2
may require more computation.


Pp{\\\){CT p -\ + 0 

Pp(iio)(C f T p _i + i) 

Pp(ioi)(CT p -\ + 1) 
Pp(o\\){CT p -i + <) 
Pp(ioo)(C'T p _i -1- 0 

Pp(oio)(CT p _i + t) 

Pp(ooi)(CT p -i + 1) 


= Pp-i(i»)(CT,_,)e-^‘ e- A *>‘ e- Ac >» 

= Pp-\(\\\){CT f -\)e~ > ' A r t e~ A V (l-e- A ^‘) + P p - 1 (,io)(CT p _ 1 )e- A ^ 1 e~ XB ^ 
= P P -nin)(CT p - 1 )e~ x ^ t (1 - e- A «,*) e- Ac -‘ + P p _i ( ioi)(CT p _i)e- A V e~ Ac »‘ 
= e p -i(iii)(CT p _,)(l -e" A V) e~ XB f* e- Ac »‘ + P p _ 1 (on)(CT p _ 1 )e- A ^ < e" A< V 
= P p -i(iii)(Cr p -i)e- A ^‘ (1 - e - A V) (1 - e- Ac >‘) + P p _j(ioo)(C , T P _i)e- A ^‘ 

+ P p -i(no ) (CT p _ 1 )e- A V (1 - e- A V) + P p -x { M){CT p - X )e~ x *>' (1 - e~ x ^) 

= P p -i(ui)(eT p _i)(l -e~ A ^‘) e- A V (l-e- Ac .*) + ^P-i(oio)(C , T p _ 1 )e- AB p‘ 
+P p -i(no)(CT p . 1 )(l - e" A V) e' A V + P p -i ( oii)(CT p _ a )e- AB >‘ (1 - e"^) 

= P P -i(m)(CT p -,)(l “ e~ XA >*) (1 - e _Ae '‘) + P P -i ( ooi)(CT p _i) e ~ AcF ‘ 

+Pp-i(ioi)(CT p _ 1 )(l - e~ XA ’ ,t ) e- A -P + P P _i(oii)(CT p . 1 )(l - e" A V) e" A V 


16) 
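The forward SOP computation described above, as an added Python example that is not code from the paper. It generalizes Equation 6 to a per-component transition rule, takes the operational-state sets for X, Y and Z from the state lists quoted in this section, and assumes the 10-hour phases and 0.0001/hour failure rates of Section 5.7; all function and variable names are assumptions.

```python
import math
from itertools import permutations, product

STATES = list(product((0, 1), repeat=3))   # (A, B, C); 1 = operational

# Operational (success) states per phase configuration, from Section 5.6.
OPERATIONAL = {
    "X": {(1, 1, 1)},
    "Y": {(1, 0, 1), (1, 1, 0), (1, 1, 1)},
    "Z": set(STATES) - {(0, 0, 0)},
}

def step(sop, rates, t):
    """Advance the SOPs by t hours (Equation 6, written for any state pair)."""
    out = dict.fromkeys(STATES, 0.0)
    for src, mass in sop.items():
        for dst in STATES:
            prob = mass
            for up_before, up_after, lam in zip(src, dst, rates):
                if up_before:
                    surv = math.exp(-lam * t)
                    prob *= surv if up_after else 1.0 - surv
                elif up_after:      # non-repairable: a failed component stays failed
                    prob = 0.0
            out[dst] += prob
    return out

def mission_unreliability(order, durations, rates=(1e-4, 1e-4, 1e-4)):
    """Unreliability at the end of each phase for a phase order such as 'XYZ'."""
    sop = dict.fromkeys(STATES, 0.0)
    sop[(1, 1, 1)] = 1.0            # all components operational at mission start
    results = []
    for phase, t in zip(order, durations):
        sop = step(sop, rates, t)
        for s in STATES:            # failure-state mass is not carried forward
            if s not in OPERATIONAL[phase]:
                sop[s] = 0.0
        results.append(1.0 - sum(sop.values()))
    return results

def table(durations=(10, 10, 10)):
    """Per-phase unreliability for all six permutations of X, Y and Z."""
    return {"".join(p): mission_unreliability(p, durations)
            for p in permutations("XYZ")}

if __name__ == "__main__":
    for order, ur in table().items():
        print(order, " ".join(f"{u:.9f}" for u in ur))
```

Calling `table((1, 10, 100))` gives the variation in which the first, second and third phases last 1, 10 and 100 hours.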


5.7 Comparison with Other Techniques 

We analyze the above six scenarios using the technique discussed in this paper, the Esary and Ziehms approach,
the analytic solution of Markov chains, the phased-mission approach of [10] and [9], and the phased-mission approach
of [8]. We assume that the durations of all three phases are 10 hours each and that the failure rate of each of
the components is 0.0001/hour. Thus the input data do not skew results in any direction, as all components
are similar and all phases are similar. The results are only affected by the sequencing of phases and system
success criteria.

We obtain the results shown in Tables 1 and 2. The results for the six permutations of phases X, Y, and
Z are obtained (and listed) at the end of each phase. When the worst case criterion is applied, that is, a failed
state in one phase is considered a failed state in all subsequent phases, the results for unreliability can be
very high.
Table 1: Unreliability of Phased-Mission System (Accurate Analysis)

| Permute | X Y Z | X Z Y | Y X Z | Y Z X | Z X Y | Z Y X |
|---|---|---|---|---|---|---|
| Phase 1 | 0.002995504 | 0.002995504 | 0.001000498 | 0.001000498 | 0.000000001 | 0.000000001 |
| Phase 2 | 0.003993006 | 0.002995505 | 0.005982036 | 0.001000502 | 0.005982036 | 0.002001985 |
| Phase 3 | 0.003993009 | 0.004991493 | 0.005982037 | 0.008959621 | 0.006976549 | 0.008959621 |


Table 2: Unreliability of Phased-Mission System (Worst Case Scenario)

| Permute | X Y Z | X Z Y | Y X Z | Y Z X | Z X Y | Z Y X |
|---|---|---|---|---|---|---|
| Phase 1 | 0.002995504 | 0.002995504 | | | | 0.000000001 |
| Phase 2 | 0.005982036 | 0.005982036 | 0.005982036 | 0.002001985 | 0.005982036 | 0.002001985 |
| Phase 3 | 0.008959621 | 0.008959621 | | | 0.008959621 | 0.008959621 |


The important thing to observe here is that when we allow failure combinations (failure states in Markov
chains) to become operational combinations (up states in Markov chains) in a later phase, the overall
unreliability of the system can be substantially lower, as is the case in the last column. For example, in
a spacecraft, launch is the most important activity. After that, the launch-related activities or components
that could have caused failure during launch no longer make any difference. Thus those
failure combinations are operational combinations for the rest of the mission.

To further explore the impact of phase configurations and durations of phases, we varied the phase
durations. In the first variation, we assume that the first phase is always of 1 hour duration, the second
phase is of 10 hours duration, and the third phase is of 100 hours duration, irrespective of the types of phase
configurations, X, Y, or Z, used during these phases. The results for this variation for the two cases are shown
in Tables 3 and 4, respectively. In another variation, we assume that phase X is always of 1 hour duration,
phase Y is always of 10 hours duration, and phase Z is always of 100 hours duration, irrespective of where in
the mission these phase configurations are used. The results are given in Tables 5 and 6, respectively. In this
case, the results differ by more than an order of magnitude depending on the ordering of the phases. If the
most stringent success criteria apply during the beginning phases, then phased-mission analysis is more meaningful.

It should be noted that the techniques in [10], [8], and [9] are capable of handling the more general case 
of repairable systems while the technique discussed by Esary and Ziehms as well as the one presented in this 
paper are both restricted to the cases of non-repairable systems. The technique in [9] is most general but 
most expensive in computation time and in this case will yield the same result as in [10] because both of 
these make no approximations. 
Table 3: Unreliability with 1, 10, and 100 hours phases (Accurate Analysis)

| Permute | X Y Z | X Z Y | Y X Z | Y Z X | Z X Y | Z Y X |
|---|---|---|---|---|---|---|
| Phase 1 | 0.000299955 | 0.000299955 | | | 0.000000000 | 0.000000000 |
| Phase 2 | 0.001300153 | 0.000299956 | 0.003294561 | 0.000100006 | 0.003294561 | 0.001100603 |
| Phase 3 | 0.001301332 | 0.011354728 | | | | 0.032751658 |


Table 4: Unreliability with 1, 10, and 100 hours phases (Worst Case Scenario)

| Permute | X Y Z | X Z Y | Y X Z | Y Z X | Z X Y | Z Y X |
|---|---|---|---|---|---|---|
| Phase 1 | 0.000299955 | 0.000299955 | | | 0.000000000 | 0.000000000 |
| Phase 2 | 0.003294561 | 0.003294561 | 0.003294561 | 0.000200020 | 0.003294561 | 0.001100603 |
| Phase 3 | 0.032751658 | 0.032751658 | 0.032751658 | 0.032751658 | 0.032751658 | 0.032751658 |


6 Conclusions 

We have presented a technique to analyze phased-mission systems using fault trees. This technique yields
accurate results and is simpler in concept and computation. For this purpose, we develop a phase algebra 
that allows us to efficiently compute the probability of all possible combinations contributing to failure in 
phased-mission systems during individual phases. This technique will be very useful for a large class of 
systems where the system behavior can be described using fault trees. 
Table 5: Unreliability with $T_X = 1$, $T_Y = 10$, and $T_Z = 100$ hours phases (Accurate Analysis)

| Permute | X Y Z | X Z Y | Y X Z | Y Z X | Z X Y | Z Y X |
|---|---|---|---|---|---|---|
| Phase 1 | 0.000299955 | 0.000299955 | 0.001000498 | 0.001000498 | 0.000000985 | 0.000000985 |
| Phase 2 | 0.001300153 | 0.000300940 | | | 0.029845556 | 0.011058089 |
| Phase 3 | 0.001301332 | 0.011354728 | 0.003295543 | 0.032751658 | 0.030816194 | 0.032751658 |
Y X Z

Y Z X 

Z X Y 

Z Y X 

Phase 1 

0.000299955 

0.000299955 

0.001000498 

0.001000498 

0.000000985 

0.000000985 
0.003294561

0.003294561

0.011058089